[Git][security-tracker-team/security-tracker][master] new heif issue

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bd8416e2 by Moritz Mühlenhoff at 2024-10-16T17:01:12+02:00
new heif issue

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -118,7 +118,10 @@ CVE-2024-45085 (IBM WebSphere Application Server 8.5 is vulnerable to a denial o
 CVE-2024-44775 (An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service ...)
 	TODO: check
 CVE-2024-41311 (In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decodi ...)
-	TODO: check
+	- libheif 1.18.1-1
+	NOTE: https://github.com/strukturag/libheif/issues/1226
+	NOTE: https://github.com/strukturag/libheif/pull/1227
+	NOTE: https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36 (v1.18.0)
 CVE-2024-38204 (Improper Access Control in Imagine Cup allows an authorized attacker t ...)
 	TODO: check
 CVE-2024-38190 (Missing authorization in Power Platform allows an unauthenticated atta ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -17,6 +17,8 @@ activemq
 frr
   coordination with the maintainer ongoing
 --
+libheif
+--
 libreswan
   Waiting on feedback from maintainer
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd8416e2cc2d7f0d7923fb1812f82fc7b9924753

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd8416e2cc2d7f0d7923fb1812f82fc7b9924753
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241017/378871ef/attachment.htm>